commit 84cd7087d5c0b9d32d016d115c3784d98ed5fe48
author Dorin Drimus <dorindrimus@google.com> Mon Jan 25 13:57:56 2021 +0100
committer Dorin Drimus <dorindrimus@google.com> Tue Jan 26 15:59:37 2021 +0100
tree fb5245eae6dc75d4fd97bdd166113c7d5d665358
parent 29c54ec937db440fbb40f21d101f0a5fc6bbc33c

Add vendor_public_framework_file type to SEPolicy

And allow access from system apps to vendor libs public only for system.
These files should be marked individually by OEMs. Maintainance
ownership for these libraries is also OEM's responsability.
Similar with vendor_public_libs_file type, this allows for an explicit
labeling of OEM system apps that can access libs from vendor.

Bug: 172526961
Test: build-only change, policy builds
Change-Id: I7d4c8232e0b52e73f373d3347170c87ab2dcce52

private/compat/29.0/29.0.cil

diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 8340c76..fb0fa44 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1914,7 +1914,9 @@
 (typeattributeset vendor_keychars_file_29_0 (vendor_keychars_file))
 (typeattributeset vendor_keylayout_file_29_0 (vendor_keylayout_file))
 (typeattributeset vendor_overlay_file_29_0 (vendor_overlay_file))
-(typeattributeset vendor_public_lib_file_29_0 (vendor_public_lib_file))
+(typeattributeset vendor_public_lib_file_29_0
+    ( vendor_public_framework_file
+      vendor_public_lib_file))
 (typeattributeset vendor_security_patch_level_prop_29_0 (vendor_security_patch_level_prop))
 (typeattributeset vendor_shell_29_0 (vendor_shell))
 (typeattributeset vendor_shell_exec_29_0 (vendor_shell_exec))